From 89879f5303a35fa725d4d0f08f2e29be6cd75da7 Mon Sep 17 00:00:00 2001 From: moagrawa Date: Mon, 28 May 2018 19:20:54 +0530 Subject: [PATCH 659/659] gluster: Allow only read-only CLI commands via remote-host Problem: Current CLI code allows to run all commands via remote-host while SSL is enabled even node is not added in trusted storage pool Solution: Change condition in init function in glusterd.c to allow only read-only CLI commands via remote-host while SSL is enabled. BUG: 1582128 Change-Id: I1ef653efe3ea7fb9a1677cd80e09e0ea97b0177c Signed-off-by: moagrawa Reviewed-on: https://code.engineering.redhat.com/gerrit/140053 Reviewed-by: Atin Mukherjee --- xlators/mgmt/glusterd/src/glusterd.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c index 71261af..12ed558 100644 --- a/xlators/mgmt/glusterd/src/glusterd.c +++ b/xlators/mgmt/glusterd/src/glusterd.c @@ -1750,11 +1750,6 @@ init (xlator_t *this) goto out; } /* - * With strong authentication, we can afford to allow - * privileged operations over TCP. - */ - gd_inet_programs[1] = &gd_svc_cli_prog; - /* * This is the only place where we want secure_srvr to reflect * the management-plane setting. */ -- 1.8.3.1